<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
	<head>
		<title>xssDB</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
		<link rel="stylesheet" href="styles/screen.css" type="text/css"/>
		<!-- Feed advertised to feed readers. NOTE(review): this points at creator.zoho.com, while the "XSS Exploits Feed" link in the navigation points at xssdb.dabbledb.com; confirm which one is current. -->
		<link rel="alternate" type="application/rss+xml" title="GNUCITIZEN | XSSDB | XSS Exploits" href="http://creator.zoho.com/pdp/rss/1/"/>
		<!-- Local scripts, loaded synchronously in document order, so init.js runs after everything above it. Going by the file names these are the jQuery core followed by plugins. -->
		<!-- NOTE(review): init.js is not shown here. It presumably fills the exploit lists and the exploit view; any string it takes from the exploit database should be inserted as text rather than parsed as HTML, otherwise a stored vector would execute in this page. Confirm. -->
		<script src="scripts/jquery.core.js" type="text/javascript"></script>
		<script src="scripts/jquery.json.js" type="text/javascript"></script>
		<script src="scripts/jquery.blockUI.js" type="text/javascript"></script>
		<script src="scripts/jquery.select.js" type="text/javascript"></script>
		<script src="scripts/jquery.include.js" type="text/javascript"></script>
		<script src="scripts/jquery.tooltip.js" type="text/javascript"></script>
		<script src="scripts/init.js" type="text/javascript"></script>
	</head>
	<body id="main">
		<div id="header">
			<!-- Page banner; the heading links back to the project page. -->
			<h1><a href="http://www.gnucitizen.org/xssdb"><span>XSSDB</span></a></h1>
			<!-- #count is empty in the markup; presumably script fills in the number of vectors (TODO confirm in init.js). -->
			<p><span>attack database - currently featuring <span id="count"></span> vectors</span></p>
		</div>

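		<div id="navigation">
			<h2>navigation</h2>
			<ul>
				<!-- NOTE(review): no element with id "add-xss-exploit" exists in this file; presumably it is pulled in at runtime by script. Confirm. -->
				<li><a href="#add-xss-exploit">Add XSS Exploit</a></li>
				<li><a href="#xss-tester">XSS Tester</a></li>
				<!-- Opens in a new window. rel="noopener noreferrer" stops the feed host from reaching this page through window.opener and from receiving this page's address as the referrer. -->
				<li><a href="http://xssdb.dabbledb.com/publish/attackdb/dc23ad51-25ef-4fdc-92be-4a7cb606387e/xssdb.rss" target="_blank" rel="noopener noreferrer">XSS Exploits Feed</a></li>
			</ul>
		</div>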

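		<div id="xss-tester">
			<h2>XSS Tester</h2>
			<!-- Both buttons are type="button", so they never submit the form themselves; the GET/POST test requests are presumably issued by script (init.js, not shown here). -->
			<!-- NOTE(review): the form has no action and no submit handler is visible in this file. Pressing Enter in the url field may submit it as a GET to this page, which would put the url and parameters into the address bar, the browser history and any outgoing referrer. Confirm that init.js prevents this. -->
			<form class="clearfix">
				<div class="col">
					<!-- id added so that the label's "for" resolves to this control -->
					<label for="url">url:</label><br/>
					<input type="text" name="url" id="url" size="50" title="url to attack. you can include GET parameters here as well"/><br/>
					<!-- void elements are closed: the document declares XHTML 1.0 Strict -->
					<input type="button" name="btnTestGET" value="Test GET"/>
					<input type="button" name="btnTestPOST" value="Test POST"/>
				</div>
				<div class="col">
					<label for="parameters">parameters:</label><br/>
					<textarea name="parameters" id="parameters" rows="3" cols="40" title="parameters to send. use {xss} placeholder to specify where to inject the selected payload"></textarea><br/>
				</div>
			</form>
		</div>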
		
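		<div id="content" class="clearfix">
			<!-- Both lists are empty in the markup; presumably script fills them from the exploit database (TODO confirm in init.js). ids added so that each label's "for" resolves to its list. -->
			<div class="col">
				<label for="category">exploit category</label><br/>
				<select name="category" id="category" size="5"></select>
			</div>
			<div class="col">
				<label for="name">exploit name</label><br/>
				<select name="name" id="name" size="5"></select>
			</div>
			<div id="exploit-view" class="col">
				<label>exploit view</label><br/>
				<!-- The three placeholders below are empty in the markup. NOTE(review): whatever fills them is displaying stored XSS vectors, so the vector string and its description must be written as text nodes, never parsed as HTML; otherwise the selected vector runs in this page. Confirm how init.js inserts them. -->
				<pre><code id="exploit-string"></code></pre>
				<p id="exploit-description"></p>
				<p id="external-integration" class="section"></p>
			</div>
		</div>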
		
		<div id="footer">
			<!-- Licence notice; rel="license" marks the first link as the licence that applies to this page. -->
			<p>(<a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/2.5/">CC</a>)2007 <a href="http://www.gnucitizen.org">GNUCITIZEN</a></p>
		</div>
		
		<!-- <rdf:RDF xmlns="http://web.resource.org/cc/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">	
			<Work rdf:about="">
				<license rdf:resource="http://creativecommons.org/licenses/by-nc-nd/2.5/" />
				<dc:title>GNUCITIZEN</dc:title>
				<dc:date>2007</dc:date>
				<dc:creator><Agent><dc:title>Petko D. Petkov</dc:title></Agent></dc:creator>
				<dc:rights><Agent><dc:title>Petko D. Petkov</dc:title></Agent></dc:rights>
				<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
				<dc:source rdf:resource="http://www.gnucitizen.org" />
			</Work>
			<License rdf:about="http://creativecommons.org/licenses/by-nc-nd/2.5/">
				<permits rdf:resource="http://web.resource.org/cc/Reproduction"/>
				<permits rdf:resource="http://web.resource.org/cc/Distribution"/>
				<requires rdf:resource="http://web.resource.org/cc/Notice"/>
				<requires rdf:resource="http://web.resource.org/cc/Attribution"/>
				<prohibits rdf:resource="http://web.resource.org/cc/CommercialUse"/>
			</License>
		</rdf:RDF> -->
		
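		<!-- Third-party analytics script. It is fetched over HTTPS so that it cannot be replaced in transit; it still runs with full access to this page, including whatever is typed into the tester form. NOTE(review): confirm the host still serves this legacy file over HTTPS. -->
		<!-- "defer" was dropped from both tags. It has no effect on an inline script in current browsers, so the tracker call could run before the deferred external file had loaded. At the end of the body, plain in-order loading costs nothing. -->
		<script src="https://www.google-analytics.com/urchin.js" type="text/javascript"></script>
		<!-- The guard keeps a blocked or failed download from raising a script error. -->
		<script type="text/javascript">_uacct = "UA-363996-1"; if (typeof urchinTracker === "function") { urchinTracker(); }</script>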
	</body>
</html>
